FreeSentry
md5sum: 2c53f7c56f727ffb6dd8d16ddb3a9b02

shasum: 7e52a89f395ee6a81948c711039eee8f2cb9b60d

sha256sum: 25651d9235e99ba94dec693972c51ee96b2bef3e2f9e3fa6fa304a44bd48bd7e


FreeSentry is an LLVM plugin that makes exploitation of use-after-free vulnerabilities more difficult.

When exploited, such vulnerabilities can lead to remote code execution. They are difficult to spot in code review because dynamic memory operations are complex and the free may occur thousands of lines away from the later re-use. Many of them cause no runtime errors during normal operation unless specific conditions are met, which also makes them hard to detect through automated testing.

The mitigation works by tracking pointers at run time. The plugin instruments the program so that when a heap object is freed, every tracked pointer that still refers to it is invalidated. If the program later performs a use-after-free, it dereferences one of the invalidated pointers and crashes at that point rather than operating on recycled memory, which denies the attacker the controlled reuse an exploit depends on. Because every use of a dangling pointer now produces a crash, the same instrumentation turns otherwise silent use-after-free bugs into reproducible crashes, which makes them far easier to find when fuzzing the software. Since the instrumentation is inserted by the compiler, only code built with the plugin has its pointer stores tracked.
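The following is an added illustration of the mechanism just described; it is not FreeSentry's own code. In the real tool the compiler emits the bookkeeping at every pointer store and at every free, whereas here the calls `tracked_store` and `tracked_free` are written out by hand, the registry is a fixed-size array, and the allocation size is passed explicitly; those are simplifications chosen for the example. The page says only that dangling pointers are "invalidated"; the example writes NULL so that any later dereference faults immediately.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example (not FreeSentry source). Hand-written model of compiler-
 * inserted pointer tracking: a registry of pointer-variable addresses, and a
 * free() wrapper that clears every tracked pointer into the freed object. */

#define MAX_TRACKED 64

/* Addresses of pointer variables that currently hold heap pointers. */
static void **registry[MAX_TRACKED];
static size_t registry_len;

static void registry_reset(void) { registry_len = 0; }

/* What an instrumented pointer store does: perform the store and remember
 * where the pointer variable lives so it can be invalidated later. */
static void tracked_store(void **slot, void *value) {
    *slot = value;
    for (size_t i = 0; i < registry_len; i++)
        if (registry[i] == slot) return;          /* already registered */
    if (registry_len < MAX_TRACKED)
        registry[registry_len++] = slot;
}

/* What an instrumented free() does: walk the registry and clear every
 * tracked pointer that points into [obj, obj+size), interior pointers
 * included. Returns how many pointers were invalidated. (Size is passed in
 * here for simplicity; a real runtime would get it from the allocator.) */
static size_t tracked_free(void *obj, size_t size) {
    uintptr_t lo = (uintptr_t)obj, hi = lo + size;
    size_t invalidated = 0;
    for (size_t i = 0; i < registry_len; i++) {
        uintptr_t v = (uintptr_t)*registry[i];
        if (v >= lo && v < hi) {
            *registry[i] = NULL;   /* dangling pointer -> NULL, any use faults */
            invalidated++;
        }
    }
    free(obj);
    return invalidated;
}

/* Constructed object with a field an attacker would want to control. */
typedef struct { char name[16]; int is_admin; } session_t;

/* Three references to one object: two aliases and one interior pointer. */
static session_t *current, *cached;
static int *admin_flag;

/* Classic use-after-free shape: the object is freed through one alias while
 * the others stay live. Returns the number of references invalidated. */
size_t demo_free_invalidates_all_aliases(void) {
    registry_reset();
    session_t *s = malloc(sizeof *s);
    if (s == NULL) return 0;
    snprintf(s->name, sizeof s->name, "alice");
    s->is_admin = 0;
    tracked_store((void **)&current, s);
    tracked_store((void **)&cached, s);
    tracked_store((void **)&admin_flag, &s->is_admin);
    return tracked_free(current, sizeof *current);
}

/* After the free, every stale reference is NULL: reading *cached or
 * *admin_flag would now crash at once instead of reading recycled memory. */
int stale_aliases_are_cleared(void) {
    return current == NULL && cached == NULL && admin_flag == NULL;
}

/* Stand-alone driver; the two functions above carry the result. */
int main(void) {
    size_t n = demo_free_invalidates_all_aliases();
    printf("invalidated %zu references, all cleared: %d\n",
           n, stale_aliases_are_cleared());
    return 0;
}
```

Without the tracking, `cached->is_admin` after the free would read whatever the allocator hands out next, which is exactly the window an exploit fills with attacker-controlled data; with it, the same access dereferences NULL, and a fuzzing harness sees a deterministic crash at the first bad use.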

The technique has also found new vulnerabilities, including in a popular performance benchmark, that similar mitigations had missed. The paper describing the mitigation was published at NDSS 2015: FreeSentry: Protecting Against Use-After-Free Vulnerabilities Due to Dangling Pointers.

*Note: This tool is not officially supported, and the user assumes all liability for its use.